Instructions
Add-on Details
The Two-factor Authentication add-on will require the user to provide a code if the IP address has changed, this code is sent to the user's email address.
How To Add
In phpMyAdmin select the "phplogin" database and import the "twofactor.sql" SQL file.
Copy both the "twofactor.html" and "twofactor.php" files to your "phplogin" directory.
Edit the "authenticate.php" file and find this line:
$stmt = $con->prepare('SELECT id, password, rememberme, activation_code, role FROM accounts WHERE username = ?');Replace with:
$stmt = $con->prepare('SELECT id, password, rememberme, activation_code, role, ip, email FROM accounts WHERE username = ?');Find:
$stmt->bind_result($id, $password, $rememberme, $activation_code, $role);Replace with:
$stmt->bind_result($id, $password, $rememberme, $activation_code, $role, $ip, $email);Find:
echo 'Please activate your account to login! Click <a href="resendactivation.php">here</a> to resend the activation email.';Add After:
} else if ($_SERVER['REMOTE_ADDR'] != $ip) {
// Two-factor authentication required
$_SESSION['tfa_code'] = uniqid();
$_SESSION['tfa_email'] = $email;
$_SESSION['tfa_id'] = $id;
echo 'tfa: twofactor.php';Edit the "index.php" file and find this line:
window.location.href = "home.php";Add after:
} else if (result.includes("tfa:")) {
window.location.href = result.replace("tfa: ", "");Edit the "register-process.php" file and find this line:
$stmt = $con->prepare('INSERT INTO accounts (username, password, email, activation_code, role, registered, last_seen) VALUES (?, ?, ?, ?, ?, ?, ?)');Replace with:
$stmt = $con->prepare('INSERT INTO accounts (username, password, email, activation_code, role, registered, last_seen, ip) VALUES (?, ?, ?, ?, ?, ?, ?, ?)');Find this line:
$stmt->bind_param('sssssss', $_POST['username'], $password, $_POST['email'], $uniqid, $role, $date, $date);Replace with:
$ip = $_SERVER['REMOTE_ADDR'];
$stmt->bind_param('ssssssss', $_POST['username'], $password, $_POST['email'], $uniqid, $role, $date, $date, $ip);